Virus in VirtualBox

[Acadia]

I have WindowsXP 32-bit installed inside of VirtualBox on a Win7 64-bit system. All guest additions are installed, this computer is not networked with anything.

The other day I decided to have some fun and test the anti-Virus in my guest system. So, using the browser inside of Vbox, I went to a site that downloads the EICAR test virus. Imagine my surprise when the anti-Virus in my HOST system nailed it (I use two different AVs in the host and guest). I tried it several times again during the next few days, always the same result: The AV in my host system "sees through" Virtualbox and nails the test virus.

How is this possible? I was always under the impression that Vbox, and any other virtual machine, isolates the guest from the host. I evidently need to learn something, what is missing from my knowledge.

Thank you very much,
Acadia

[SSCBrian]

I don't see why a file scanning AV solution would have any more trouble seeing a virus signature inside a VBox file than it would any other file, so I'd expect it to work as described.

[Acadia]

Ahhhhh, so you're saying that VBox lets things in but does not let them out?

Thanks for the reply,
Acadia

[SSCBrian]

Ahhhhh, so you're saying that VBox lets things in but does not let them out?

Sort of. You're loading a binary pattern inside your VM. Your VM is really just a big ol' file inside the host OS. So, the host can see the binary pattern and identify it inside the file (VM). If you loaded that pattern out of the VM file, put it in RAM, and pointed the processor at it, it would run and your host would be infected. VMs are "sort of containers", but end of the day, everything is a binary pattern on the disk and naturally the host OS can see it all... Does that help any?

[Acadia]

Does that help any?

Actually that does, thank you!

Acadia